Almost any computer system is open to attack, either by malicious software, such as viruses, or by unauthorised access to the system by an individual with malicious intent. In both cases, the primary objective of the attack is to steal, modify or destroy important data held on the computer system. The costs associated with damage to the operating system or other software are negligible when compared with the value of the information that a person has laboured to produce. Computer systems use various access control mechanisms to allow legitimate users to access certain resources and to prevent them from accessing others. Normally, the user is given sufficient resources, also known as privileges or permissions, to accomplish all the jobs or tasks that they are likely to do. Two popular approaches to controlling access to data and resources are the application-centric and the data-centric approach.
An application-centric approach controls access by defining a set of actions that individual software applications running on the computer system are allowed to perform. For example, a word processing application may be prevented from launching an email program or establishing an internet connection. It will of course be appreciated that individual users, or groups of users, each have their own defined sets of permissions for the various software applications to which they are allowed access. The data-centric approach controls access to the computer system by defining which applications are allowed to access certain data types. For example, a permission may be defined to restrict access to text files to a particular word processing application only, and to prevent access to those text files by other software applications, such as a web browser, that are nonetheless capable of reading such text files.
A primary disadvantage of both the application-centric and data-centric approaches is that the defined permissions result in an access control system that is entirely binary in its response. That is to say, if an access request falls within the scope of the defined permissions then access is granted. If the request is not, then access is denied.
In itself this binary nature is not a problem, but it does lead to a particular use of the access control system that is not very efficient. Individual users generally perform only a relatively small number of tasks on a daily basis. However, should the set of permissions for that user be restricted to only those tasks, the user is prevented from performing any other task, regardless of the nature of that task. For example, a user may wish to perform a certain job on a regular, but infrequent, basis, such as generating a quarterly financial report. If the user's original set of permissions does not allow them to perform this operation, it is likely that the user will request that the set of permissions be expanded accordingly. However, on a daily basis the user does not use the permissions required to generate the financial report. In a similar vein, a user's set of permissions may be expanded to allow a one-off activity to be performed, but human nature often means that after the activity has been completed the permissions are not subsequently removed. Consequently, it is often the case that a significant number of the permissions within a user's defined set are not used on a regular basis, and can therefore be used by either a hacker or a piece of malicious software without the corresponding access being denied.
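As an added example (not part of the original text), the following Python models the binary allow/deny check of an application-centric permission set and then, from a constructed access log, lists the permissions a user holds but has not exercised within a review window; these dormant permissions are the ones the text identifies as exposed to misuse, and all application names, actions and log entries are assumed sample data.

```python
from datetime import datetime, timedelta

# Application-centric policy: each application is granted a set of actions.
# Constructed sample data, not taken from the original text.
GRANTED = {
    "wordproc":  {"read:text", "write:text", "print"},
    "reporting": {"read:ledger", "write:report"},
    "browser":   {"net:connect", "read:text"},
}

# Constructed access log of (ISO timestamp, application, action) records.
LOG = [
    ("2024-03-01T09:02:00", "wordproc",  "read:text"),
    ("2024-03-01T09:05:00", "wordproc",  "write:text"),
    ("2024-03-02T10:00:00", "browser",   "net:connect"),
    ("2024-01-15T16:00:00", "reporting", "read:ledger"),   # last quarter's report
    ("2024-01-15T16:10:00", "reporting", "write:report"),
    ("2024-03-03T11:00:00", "wordproc",  "read:text"),
]


def check_access(app: str, action: str, granted=GRANTED) -> bool:
    """The purely binary decision the text describes: in the set -> allow, else deny."""
    return action in granted.get(app, set())


def dormant_permissions(granted, log, now_iso: str, window_days: int = 30):
    """Return sorted (app, action) pairs that are granted but were not exercised
    within the last `window_days`; these are candidates for review or removal."""
    cutoff = datetime.fromisoformat(now_iso) - timedelta(days=window_days)
    recently_used = {
        (app, action)
        for ts, app, action in log
        if datetime.fromisoformat(ts) >= cutoff
    }
    return sorted(
        (app, action)
        for app, actions in granted.items()
        for action in actions
        if (app, action) not in recently_used
    )


if __name__ == "__main__":
    print(check_access("wordproc", "net:connect"))  # denied: not in the granted set
    for app, action in dormant_permissions(GRANTED, LOG, "2024-03-04T00:00:00"):
        print(f"review candidate: {app} may {action} but has not done so recently")
```

The quarterly reporting permissions show up as dormant with a 30-day window even though they are legitimately needed, which is why the window should match the longest expected task cadence before anything is revoked.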